Merge config file if it exists

2026-05-26 12:10:49 +00:00 · 2025-11-13 11:14:45 -08:00 · 2025-11-13 11:14:45 -08:00 · 61c9f1a1ef
commit 61c9f1a1ef
parent fbd11c6d44
6 changed files with 193 additions and 11 deletions
--- a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js
+++ b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js
@ -3,8 +3,10 @@ import { safeSpawn } from "../../utils/safeSpawn.js";
 import { mergeSafeChainProxyEnvironmentVariables } from "../../registryProxy/registryProxy.js";
 import { getCombinedCaBundlePath } from "../../registryProxy/certBundle.js";
 import fs from "node:fs/promises";
+import fsSync from "node:fs";
 import os from "node:os";
 import path from "node:path";
+import ini from "ini";

 /**
 * @param {string} command
@ -36,20 +38,59 @@ export async function runPip(command, args) {
      env.PIP_CERT = combinedCaPath;
    }

-    if (!env.PIP_CONFIG_FILE) {
-      const tmpDir = os.tmpdir();
-      const pipConfigPath = path.join(tmpDir, `safe-chain-pip-${Date.now()}.ini`);
+    // Proxy settings: prefer GLOBAL_AGENT_HTTP_PROXY, then HTTPS_PROXY, then HTTP_PROXY
+    const proxy = env.GLOBAL_AGENT_HTTP_PROXY || env.HTTPS_PROXY || env.HTTP_PROXY || '';

-      // Proxy settings: prefer GLOBAL_AGENT_HTTP_PROXY, then HTTPS_PROXY, then HTTP_PROXY
-      const proxy = env.GLOBAL_AGENT_HTTP_PROXY || env.HTTPS_PROXY || env.HTTP_PROXY || '';
+    const tmpDir = os.tmpdir();
+    const pipConfigPath = path.join(tmpDir, `safe-chain-pip-${Date.now()}.ini`);
+
+    if (!env.PIP_CONFIG_FILE) {

      // Build pip config INI
-      let pipConfig = '[global]\n';
-      pipConfig += `cert = ${combinedCaPath}\n`;
-      if (proxy) pipConfig += `proxy = ${proxy}\n`;
-
+      /** @type {{ global: { cert: string, proxy?: string } }} */
+      const configObj = { global: { cert: combinedCaPath } };
+      if (proxy) {
+        configObj.global.proxy = proxy;
+      }
+      const pipConfig = ini.stringify(configObj);
      await fs.writeFile(pipConfigPath, pipConfig);
      env.PIP_CONFIG_FILE = pipConfigPath;
+    } else if (fsSync.existsSync(env.PIP_CONFIG_FILE)) {
+      // Existing pip config file present and exists on disk.
+      // Lets merge in our cert and proxy settings if not already present
+      const userConfig = env.PIP_CONFIG_FILE;
+      
+      ui.writeVerbose("Safe-chain: Merging user provided PIP_CONFIG_FILE with safe-chain certificate and proxy settings.");
+
+      // Read the existing config without modifying it
+      let content = await fs.readFile(userConfig, "utf-8");
+      const parsed = ini.parse(content);
+
+      // Ensure [global] section exists
+      parsed.global = parsed.global || {};
+
+      // Adding CERT and PROXY
+      // If either is already set, there's no neeed to throw an error; mitm might fail and throw later if the proxy config is invalid
+
+      // Cert
+      if (typeof parsed.global.cert === "undefined") {
+        ui.writeVerbose("Safe-chain: Adding cert to existing PIP_CONFIG_FILE.");
+        parsed.global.cert = combinedCaPath;
+      }
+
+      // Proxy
+      if (typeof parsed.global.proxy === "undefined") {
+        if (proxy) {
+          ui.writeVerbose("Safe-chain: Adding proxy to existing PIP_CONFIG_FILE.");
+          parsed.global.proxy = proxy;
+        }
+      }
+
+      const updated = ini.stringify(parsed);
+
+      // Save to a new temp file to avoid overwriting user's original config
+      await fs.writeFile(pipConfigPath, updated, "utf-8");
+      env.PIP_CONFIG_FILE = pipConfigPath;
    }

    const result = await safeSpawn(command, args, {